Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
CISA warns that the CVE-2024-38856 Apache OFBiz flaw disclosed earlier this month is being actively exploited.
Threat actors are targeting a critical flaw in the Apache OFBiz platform that was disclosed in late December.
The Apache Software Foundation has released updates to address a critical file upload vulnerability (CVE-2023-50164) in Struts.
Apache disclosed this flaw and released patches for it on Oct. 25, and proof-of-concept exploit code is also available for the bug.